Cannot collect execution logs when SSL secure communication is enabled.

Document ID : KB000008805
Last Modified Date : 14/02/2018
Issue:

Unable to collect execution logs from ROC when Secure Communications is enabled between NES and NAC.

When collecting the logs, an error is displayed (screenshot: cert1.png).

Environment:
Release Automation 6.4 and 6.5 with secure SSL communications set up between NAC and NES servers.
Cause:

The configuration in step 19 from the procedure for setting Secure Communications is not always loaded correctly.

Step 19:

Open the RA_HOME\conf\security-customization.properties file that you created when securing UI communication, and add the following lines:

javax.net.ssl.trustStore=conf/custom-truststore.jks
javax.net.ssl.trustStorePassword=<plain text password for custom-truststore.jks>

Resolution:

You can resolve this in two ways.

Solution 1:

You can add the certificate from the NES to the Java default truststore cacerts.

To do this, run keytool in the RA_HOME directory:

.\jre\bin\keytool -importcert -alias ra-nes1 -file nes1.crt -keystore jre/lib/security/cacerts -v -rfc 

The default password for cacerts is changeit.

Solution 2:

Point the Java runtime used by Tomcat to the custom-truststore, which contains the certificates from the NES, by adding the following startup parameters in the RA_HOME$\bin\catalina.sh file on Unix:

-Djavax.net.ssl.trustStore=conf/custom-truststore.jks 
-Djavax.net.ssl.trustStorePassword=<truststore-password> 

On Windows, you have to add this to the nolioserver settings in the registry using regedit:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\NolioServer20\Parameters\Java\Options 

Or run from the RA_HOME directory:

.\bin\Tomcat8 //US//NolioServer20 ++JvmOptions "-Djavax.net.ssl.trustStore=conf/custom-truststore.jks;-Djavax.net.ssl.trustStorePassword=<truststore-password>"

Restart the Nolio service.
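
To confirm which truststore a JVM actually picks up and whether the NES certificate is in it, a small check such as the following can be run from RA_HOME with the same -D options given to Tomcat. This is an added example, not part of Release Automation; the class name TrustStoreCheck is hypothetical and a JDK is assumed to be available to compile it.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added diagnostic (hypothetical class, not shipped with the product).
public class TrustStoreCheck {

    // Truststore JSSE will use: the system property if set, otherwise the
    // JRE default (jssecacerts takes precedence over cacerts when present).
    static String effectiveTrustStore() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null && !configured.isEmpty()) return configured;
        String sec = System.getProperty("java.home") + File.separator + "lib"
                + File.separator + "security" + File.separator;
        return new File(sec + "jssecacerts").isFile() ? sec + "jssecacerts" : sec + "cacerts";
    }

    // Returns the alias under which the certificate is stored, or null if absent.
    static String findAlias(String storePath, char[] password, String certPath) throws Exception {
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(storePath)) {
            store.load(in, password); // a wrong password fails here with an IOException
        }
        Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        return store.getCertificateAlias(cert);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: TrustStoreCheck <certificate file, e.g. nes1.crt>");
            System.exit(2);
        }
        String storePath = effectiveTrustStore();
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        System.out.println("javax.net.ssl.trustStore property: " + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("Truststore in effect: " + new File(storePath).getAbsolutePath());
        String alias = findAlias(storePath, pw == null ? null : pw.toCharArray(), args[0]);
        if (alias == null) {
            System.out.println("NOT TRUSTED: certificate is not in this truststore");
            System.exit(1);
        }
        System.out.println("Trusted under alias: " + alias);
    }
}
```

If the property prints as null, the -D options were not loaded and the JVM is falling back to the default cacerts, which is the condition Solution 1 works around.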